Cisco 837 Router configuration help needed!

Discussion in 'Routing & Switching' started by ciscofevers, Aug 21, 2007.

  1. ciscofevers

    ciscofevers New Member

    Evening all.

    Please could I have some suggestions or an example config.

    This is my setup

    client--->Checkpoint VPN edge firewall----> cisco 837 ADSL router.


    The telco has allocated 1 static IP for connectivity and a range of public IPs to assign to the hardware interfaces.


    example

    client--------> Checkpoint VPN edge firewall----------------> cisco 837 ADSL router------->Internet

    192.168.0.1/24------->192.168.0.2------->Public IP(81.x.x.x/27)--->Public IP(81.x.x.x/27-------->static IP for connectivity)




    I am trying to set up a BOVPN (site-to-site VPN) using the Checkpoint VPN edge firewall, however I seem to be having issues with the Cisco config.

    I have easily set up a standard ADSL connection with another router using a NATed config so the ADSL is not a problem, it's just I am not having any success with the above topology.


    Does the Cisco router need to be set up as a bridge? It could be that I am getting the ACLs wrong.

    I have issued debug PPP authentication, and I can see that authentication is successful. I have tried to ping directly from the router to the ISP's DNS servers but no good. When I perform a traceroute from the client to the internet, I see the NAT translation but when it gets to the public IP on the eth 0 I get "destination unreachable".

    I can ping from the router to the Public IP on the outside interface of the checkpoint.


    Is it right to say that having NAT on the checkpoint and on the router would just complicate things? So what should I do to keep it simple?


    I would appreciate any help.

    Thanks

    Ciscofevers
     
  2. Sparky

    Sparky Zettabyte Poster Moderator

    Just a suggestion: can you bridge the ADSL router onto the WAN port of the Checkpoint firewall and only have NAT on the Checkpoint?

    If you don't want to bridge the interfaces you should be able to configure this with the range of public IPs you have.
     
  3. HUSTLECHILD_UK

    HUSTLECHILD_UK New Member

    This sounds like possibly a routing issue on the 837.

    The layer 2 negotiation via PPP is obviously working and the dialer interface is in an up/up state with the static address assigned I take it?

    Are you sure you have a default route configured out to the internet? Check your routing table to make sure the route is there.

    If it isn't you need to add the following line into your config -

    ip route 0.0.0.0 0.0.0.0 Dialer1 (or whatever dialer interface you are using)

    You will also need to ensure the router and firewall are accepting ISAKMP, UDP 10000 and ESP as inbound protocols from your IPSec peer.

    I don't understand why you have a public IP address configured between your router and firewall. You only need one public interface and that is the one that faces the internet on the 837.

    Steve
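
Added example, not part of the thread or any poster's own config: a sketch of the routed, non-NAT 837 layout the original post describes, with the default route and the inbound ISAKMP, UDP 10000 and ESP permits from the reply above. The addresses are documentation ranges standing in for the elided 81.x.x.x/27 and for the remote peer; the PVC, CHAP placeholders, ACL number and host addresses are assumptions.

```cisco
! Constructed values (assumptions, not from the thread):
!   203.0.113.0/27  = routed public range, .1 on the 837, .2 on the Checkpoint WAN port
!   198.51.100.10   = remote IPsec peer
!   PVC 0/38, CHAP and the angle-bracket placeholders are ISP-specific
interface Ethernet0
 description Routed public /27 towards the Checkpoint WAN port, no NAT on the 837
 ip address 203.0.113.1 255.255.255.224
!
interface ATM0
 no ip address
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
interface Dialer1
 description ADSL PPP session, address handed out by the ISP
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp chap hostname <isp-username>
 ppp chap password <isp-password>
 ip access-group 110 in
!
! Default route out of the dialer, as given in the reply above.
! Check: "show ip route" should list S* 0.0.0.0/0 via Dialer1.
ip route 0.0.0.0 0.0.0.0 Dialer1
!
! Inbound from the IPsec peer to the firewall's public address only.
access-list 110 permit udp host 198.51.100.10 host 203.0.113.2 eq isakmp
access-list 110 permit udp host 198.51.100.10 host 203.0.113.2 eq 10000
access-list 110 permit esp host 198.51.100.10 host 203.0.113.2
! The implicit deny at the end of ACL 110 drops every other inbound packet,
! including replies to ordinary outbound traffic. Add permits for anything
! else the firewall must receive, or omit the access-group and leave
! filtering to the Checkpoint.
! Check: "show access-lists 110" shows per-entry match counters.
```

With no `ip nat` statements on the 837, the Checkpoint is the only device translating addresses, so the peer sees the firewall's own public address as the tunnel endpoint.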
     
